AZL-35235 CVE-2022-35256 affecting package rust for versions less than 1.75.0-1
The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CRLF. This may result in HTTP Request Smuggling...
AZL-31039 CVE-2022-35256 affecting package rust for versions less than 1.68.0-1
The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CRLF. This may result in HTTP Request Smuggling...
GHSA-QQFF-4VW4-F6HX Cap'n Proto and its Rust implementation vulnerable to out-of-bounds read due to logic error handling list-of-list
The Cap'n Proto library and capnp Rust package are vulnerable to out-of-bounds read due to logic error handling list-of-list. If a message consumer expects data of type "list of pointers", and if the consumer performs certain specific actions on such data, then a message producer can cause the...
Android is slowly mastering memory management vulnerabilities
Recently we wrote about why the NSA wants you to shift to memory safe programming languages. The short version is: If you ever read our posts describing security vulnerabilities, you will see a lot of phrases like "buffer overflow", "failure to release memory", "use after free", "memory...
auditor (>=0.0.1 <=0.0.2), avrisp (=0.3.0) +29 more potentially affected by unknown CVE via claim (>=0.3.1 <=0.5.0)
claim CARGO version =0.3.1, =0.0.1, =0.1.0, =0.3.0, =0.1.0, =0.2.0, =0.1.1, =0.1.0, =0.0.1, =0.0.2, =0.9.0, =0.8.0, =1.3.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2022-0077...
Fedora 36 : capnproto / fastnetmon / librime / rr / sonic-visualiser (2022-5d37367673)
The remote Fedora 36 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2022-5d37367673 advisory. Update capnproto to version 0.9.2 to address CVE-2022-46149. Dependent packages were rebuilt for both the fix for the security issue and the capnproto SONAME...
CVE-2022-46149
Cap'n Proto is a data interchange format and remote procedure call (RPC) system. Cap'n Proto prior to versions 0.7.1, 0.8.1, 0.9.2, and 0.10.3, as well as versions of Cap'n Proto's Rust implementation prior to 0.13.7, 0.14.11, and 0.15.2 are vulnerable to out-of-bounds read due to logic error...
Out-of-bounds
Cap'n Proto is a data interchange format and remote procedure call (RPC) system. Cap'n Proto prior to versions 0.7.1, 0.8.1, 0.9.2, and 0.10.3, as well as versions of Cap'n Proto's Rust implementation prior to 0.13.7, 0.14.11, and 0.15.2 are vulnerable to out-of-bounds read due to logic error...
abci-storage (=0.0.3), bench-trie (>=0.12.0 <=0.12.2) +294 more potentially affected by unknown CVE via parity-util-mem (>=0.10.2 <=0.9.0)
parity-util-mem CARGO version =0.10.2, =0.12.0, =0.7.0, =0.8.8, =1.0.0, =2.0.0, =0.0.7, =0.1.0, =1.0.0 - edge-signaling =1.0.0 - edge-treasury-reward =1.0.0 - edge-voting =1.0.0 - edgeware-primitives =3.1.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2022-0080...
Unsound API in `secp256k1` allows use-after-free and invalid deallocation from safe code
Because of incorrect bounds on method `Secp256k1::preallocated_gen_new` it was possible to cause use-after-free from safe consumer code. It was also possible to "free" memory not allocated by the appropriate allocator. The method takes a place for storing the context as a mutable reference and return...
RUSTSEC-2022-0070 Unsound API in `secp256k1` allows use-after-free and invalid deallocation from safe code
Because of incorrect bounds on method `Secp256k1::preallocated_gen_new` it was possible to cause use-after-free from safe consumer code. It was also possible to "free" memory not allocated by the appropriate allocator. The method takes a place for storing the context as a mutable reference and return...
CVE-2022-46149 Cap'n Proto vulnerable to out-of-bounds read due to logic error handling list-of-list.
Cap'n Proto is a data interchange format and remote procedure call (RPC) system. Cap'n Proto prior to versions 0.7.1, 0.8.1, 0.9.2, and 0.10.3, as well as versions of Cap'n Proto's Rust implementation prior to 0.13.7, 0.14.11, and 0.15.2 are vulnerable to out-of-bounds read due to logic error...
CVE-2022-46149
CVE-2022-46149 affects Cap'n Proto and its Rust crate. The vulnerability is an out-of-bounds read caused by logic errors when handling a list-of-pointer type, which can lead to a remote segfault and, with additional actions, memory exfiltration. The issue is present in inlined code and requires r...
Out-of-bounds Read
Cap'n Proto is a data interchange format and remote procedure call (RPC) system. Cap'n Proto prior to versions 0.7.1, 0.8.1, 0.9.2, and 0.10.3, as well as versions of Cap'n Proto's Rust implementation prior to 0.13.7, 0.14.11, and 0.15.2 are vulnerable to out-of-bounds read due to logic error handli...
A new RansomExx ransomware strain revised in Rust
RansomExx is a ransomware variant that operates on a ransomware-as-a-service (RaaS) model and has been active since it first appeared in 2018 as Defray777. The latest version, dubbed RansomExx2 by threat...